CUMMINGS ENGINEERING CONSULTANTS, INC.

CUMMINGS ENGINEERING CONSULTANTS, INC. Patent applications

Patent application number

Title

Published

20140143538

Data Security and Integrity by Remote Attestation - This invention includes apparatus, systems, and methods to ensure the security and integrity of data stored, processed, and transmitted across compute devices. The invention includes a system comprising at least one of said devices, application software installed on said devices and coupled to the device's hardware and software stack to execute data encryption and remote attestation, and said devices coupled with an attestation server through a communication network. The invention includes a process to configure said devices for data encryption and remote attestation and performing an initial inventory and content scan of the device's hardware and software stack with results transmitted across a communication network to the attestation server. The invention includes periodic inventory and content scans of the device's hardware and software stack with results transmitted again to the attestation server via the communication network. The attestation server stores said results in a database for comparison to subsequent results sent by devices. The attestation server notes any differences in the most recent results and sends an alert to the device if the device is configured differently based on the previous scan, or configured the same if no differences were noted.

05-22-2014

20130332724

User-Space Enabled Virtual Private Network - This invention includes apparatus, systems, and methods to establish a virtual private network (“VPN”), or a secured network for authenticated and encrypted data transmission to prevent disclosure of private information to unauthorized parties. This invention provides secure and authenticated data transmission from a communication device to another device over any public or private network while using existing standard applications such as email, VoIP, internet browsers, ISR applications, video conferencing, telecommuting, inventory tracking and control, etc. without the need to secure or add encryption features into each specific application. This invention provides the opportunity to selectively secure one or more existing applications with configuration changes that can be made at the user-space level of the software stack and without need for higher level software stack access, such as root access.

12-12-2013

20130191897

Field Provisioning a Device to a Secure Enclave - This invention includes apparatus, systems, and methods to add a new device to a secure enclave, without requiring the new device to enter close proximity to the security entity and protected area. A new device is able to gain access to the secure enclave by first obtaining a temporary credential from an existing device in the field. The new device presents the temporary credential to the security entity which authenticates, provisions, and if appropriate fully associates the new devices to the secure enclave. The invention also includes a process for creating and distributing the temporary credentials to existing devices in the field including using secure connections to transmit electronic version of the temporary credentials and methods to securely distribute physical copies of the credentials. This invention enables rapid deployment of new devices, or replenishment of lost or damaged devices in the field without compromising the security of the device or the secure enclave. The invention also reduces the resources required, provides a solution that is available at any time, and reduces the technical skill required to add a device to a secure enclave.

07-25-2013

20110131406

Secure Communication System For Mobile Devices - A comprehensive solution for providing secure mobile communication is provided. The system includes techniques for authentication and control of communication end-points; chain of trust to ensure devices are certified as authentic; contact list management; peer-to-peer encrypted voice, email, and texting communication; and a technique for bypassing an IP PBX to ensure high levels of security. The system is able to support use of commodity mobile communication devices (e.g., smart phones, laptops) over public carrier networks.

06-02-2011

20110130121

Technique For Bypassing an IP PBX - A method for establishing communication via a VoIP network bypasses the IP PBX component conventionally used to obtain address information. Instead of obtaining the IP address from a location register of the IP PBX, the method involves use of a server configured to assign and provide to the caller's communication device a unique address (IP address/port) of a proxy. The caller then sends a Short Message Service (SMS) text message to the callee with the assigned address of the proxy. Thereafter, the caller and the callee connect at the assigned address of the proxy, thereby forming a communication path. Preferably, the devices operated by the parties are conventional smart phones. According to the preferred embodiment of the present invention, the method further comprises the steps of: determining whether to encrypt the communication; and encrypting the communication, if it is determined that the communication is to be encrypted. Preferably, the Station-to-Station (STS) protocol is used to encrypt the data packets.